en
Contact us
Contact us

Privacy Policy

§ 1 General Provisions

This Privacy Policy sets out the rules for processing personal data of users of the website gorilla-hr.com, hereinafter referred to as the “Service,” operated by Gorilla Software Sp. z o.o., with its registered office in Rzeszów, at ul. Jana i Jędrzeja Śniadeckich 20D/7, 35-006 Rzeszów, Poland, entered in the register of entrepreneurs under number KRS: 0000890717, NIP: 8133856997, REGON: 388472110, hereinafter referred to as the “Administrator.”

Personal data of users are processed in accordance with legal regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as “GDPR.”

The Administrator can be contacted regarding data protection issues via email: hr@softgorillas.com 

§ 2 Scope and Purpose of Data Processing

Data collected from candidates:

  • Name and surname
  • Email address
  • Phone number
  • CV and other application documents
  • Information about qualifications and work experience

Purpose of data processing:

  1. Conducting recruitment on behalf of the Administrator’s clients.
  2. Enabling candidates to participate in contract outsourcing processes.
  3. Sending information about job offers and projects to candidates.
  4. Contacting candidates to arrange details of cooperation.
  5. Managing the candidate’s profile by the Administrator.
  6. Conducting statistical analyses to improve recruitment services.
  7. Direct marketing of similar services offered by the Administrator, provided the user has not objected to such processing.

Data collected from clients:

  • Company name
  • Email address
  • Phone number
  • Contact details of the person responsible for recruitment
  • Details regarding the demand for employees or outsourcing services

Purpose of client data processing:

  1. Execution of orders related to recruitment and outsourcing.
  2. Contact regarding the ordered services.
  3. Sending profiles of candidates meeting the client’s requirements.

§ 3 Legal Basis for Data Processing

  1. Personal data of candidates are processed based on:
    • Candidate’s consent (Art. 6(1)(a) GDPR).
    • Contract performance (Art. 6(1)(b) GDPR).
  2. Personal data of clients are processed based on:
    • Contract performance (Art. 6(1)(b) GDPR).
    • Legal obligations incumbent on the Administrator (Art. 6(1)(c) GDPR).
  3. Personal data may also be processed to pursue legitimate interests (Art. 6(1)(f) GDPR), such as:
    • Protection against claims.
    • Conducting analyses and statistics.
    • Direct marketing of the Administrator’s services.

§ 4 Transfer of Personal Data

  1. Personal data of candidates may be transferred to the Administrator’s clients for recruitment and outsourcing processes in accordance with the purposes outlined in §2.
  2. The Administrator may entrust the processing of personal data to third parties, such as IT service providers, hosting companies, and software providers, under a data processing agreement in compliance with GDPR.
  3. Personal data may be transferred to state authorities based on legal provisions.
  4. If personal data are transferred outside the European Economic Area (EEA), the Administrator ensures an adequate level of protection, including the use of standard contractual clauses approved by the European Commission.

§ 5 Data Retention Period

  1. Personal data of candidates are stored:
    • For the period necessary to achieve the purposes for which they were collected.
    • No longer than 2 years from the date of acquisition unless the candidate consents to further processing.
    • Beyond the initial period if necessary to defend against legal claims or comply with legal obligations.
  2. Personal data of clients are stored:
    • For the duration of the contract.
    • After contract termination for the period required by law (e.g., 5 years from the end of the fiscal year) or necessary to pursue claims

§ 6 User Rights

Every user has the right to:

  1. Access their personal data.
  2. Rectify personal data.
  3. Delete personal data (“right to be forgotten”).
  4. Restrict the processing of personal data.
  5. Data portability.
  6. Object to the processing of personal data.
  7. Withdraw consent to the processing of personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Procedure for exercising rights:
Requests to exercise rights must include sufficient information to verify the identity of the requesting individual. The Administrator will respond to such requests within 30 days, as required by GDPR.

Candidates may submit requests to delete their personal data via email: hr@softgorillas.com. The Administrator is obliged to delete the data within 14 days of receiving the request.

§ 7 Data Security

  1. The Administrator applies appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, modification, unauthorized disclosure, or access.
  2. Access to personal data is granted only to persons authorized by the Administrator, who are obliged to maintain confidentiality.

§ 8 Cookies

  1. The Service uses the following types of cookies:
    • Necessary cookies: Essential for the operation of the website.
    • Analytical cookies: Used to collect anonymous statistics on user behavior.
    • Marketing cookies: Used to display personalized advertisements based on user preferences.
  2. Users can manage or disable cookies through their browser settings. Limiting the use of cookies may affect the functionality of the Service.
  3. Detailed information regarding the cookies used is available in the Cookies Policy on the Service.

§ 9 Changes to the Privacy Policy

  1. The Administrator reserves the right to change this Privacy Policy.
  2. Users will be informed about significant changes to the Privacy Policy via email or a notification displayed on the Service homepage.
  3. Changes come into force within 14 days of their publication on the Service.

§ 10 Final Provisions

  1. Matters not regulated by this Privacy Policy shall be governed by Polish law.
  2. Any disputes arising from the use of the Service will be resolved by the court having jurisdiction over the Administrator’s registered office.

Recently on the blog: